CVE-2024-48007

Summary

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for Virtual Machines6.0 SP1affected
DellRecoverPoint for Virtual Machines6.0 SP1 P1affected

Weaknesses

  • A07:2021 - Identification and Authentication Failures

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References